Proposed EU data protection reform could start a “trade war,” US official says

Activist: “Nothing, not even ACTA, caused the US to lobby on this scale."

EU legislative process

From the outside, it can be difficult to parse how legislation takes effect in Brussels. (There isn’t yet a Schoolhouse Rock episode on the European Union.) Three institutions have to balance with one another to make policy: the European Commission, the European Council, and the European Parliament.

These groups produce several kinds of rules—a “directive” is a set of guidelines which national legislatures “translate” into their own law. Meanwhile, a “regulation” is directly applicable to the entirety of the EU—once passed, it immediately becomes the law of 500 million people.

The process begins in the European Commission, the EU's executive body, which introduces a draft. The Commission’s new data protection regulation draft is now being debated among a main parliamentary committee called Civil Liberties and Justice Affairs (PDF), as well as two sub-committees: the Committee on the Internal Market and Consumer Protection (PDF) and the Committee on Industry, Research, and Energy (PDF). Secondary committees present their opinions to the main committee, which in turn puts forward final recommendations to the entire parliament, which eventually votes on the bill in a “plenary session.”

If the parliament approves, this legislation will be put to the Council of the European Union, which represents each individual member state. If the Council approves, the bill becomes law. If not, the Council will send revisions back to parliament. If parliament votes to approve the changes, then the bill passes, or it can be rejected, where the bill dies.

However, parliament can also modify the bill’s language and send it back to the Council for approval, which can only be unanimous. If the Council approves it, the bill passes. If not, a conciliation committee with members from both houses convenes and has 6 weeks to create a reconciled bill. At that point both houses must take the new bill for a third reading, where it can pass by simple majority—if not, then it’s game over.

BRUSSELS, BELGIUM—Back in 1998, British comedian Eddie Izzard quipped on his Dress to Kill tour that the European Union was “500 million people, 200 languages. No one’s got a clue what they’re saying to each other. It’s the cutting edge of politics in a very extraordinarily boring way.” Fifteen years on, it’s easy to understand how prescient his words were.

But after spending two days in the Belgian capital, it’s clear that digitally minded officials, activists, lobbyists and members of the European Parliament are focused squarely on what could become a massively important change to the European Union's rules concerning data protection. What's more, they have the attention of American tech firms as well.

As we reported over a year ago, Justice Commissioner Viviane Reding of the European Commission proposed a “comprehensive reform” to existing data protection law, which would regulate how online service companies are allowed to keep information on their customers. Right now, anyone who cares about European tech issues has their eye on this ongoing legislation as it makes its way through various Brussels bodies. The legislation is not expected to take effect until 2016.

And by all accounts, lobbying pressure from American government representatives and their corporate allies is intensifying at an unprecedented level as the draft amendments for data protection reform make their way through various committees pushing to strengthen what the European Commission has proposed. One economic officer in the US Foreign Service even commented this week (Google Translate) that the current reform draft could "instigate a trade war" with the US.

Some European legislators don't mind the attention. “With this regulation, we really try to impact the US debate,” said Jan Philip Albrecht, a Green Party member of the European Parliament (MEP) from northern Germany. He hopes that the entire parliament will vote on the reforms before the next European Parliamentary election in June 2014.

Albrecht is the “rapporteur,” or parliamentary liaison between his Committee on Civil Liberties, Justice, and Home Affairs (LIBE) and the European Commission on this issue. Albrecht acknowledged that American tech companies like Google, Facebook, Microsoft, Apple, Amazon, and others would be among the most directly affected should these new reforms that he has proposed take effect.

“[Of course, reform isn’t affecting the US] directly, but we hope that there would be a debate in the US about if it could be a good example for the US to follow,” he added.

In this case, a new regulation would offer major improvements over current law. The data protection reforms as proposed by the Commission would consolidate existing data protection rules, would require data breach notification within 24 hours, and would include a “right to be forgotten,” allowing citizens to “delete their data if there are no legitimate grounds for retaining it.”

At present, the data protection reform bill could also make data portability easier—moving data from LinkedIn to Facebook—and it could impose new fines of between 1 and 4 percent of global revenues for companies that violate the EU’s rules.

At present, tech companies doing business across the EU must pay attention to the rules in all of the 27 member states (soon to be 28, when Croatia accedes to the union later this year). Commissioner Reding has stated that allowing companies to deal with the data protection authority in the main EU country where they have their establishment would collectively save businesses around €2.3 billion ($3.1 billion) a year. In the case of Facebook, for example, that would be Ireland, where the company has declared its international headquarters.

Control over personal data

Enlarge/ Jan Phillip Albrecht, a 30-year-old German MEP, is spearheading the lead committee proposal amendments to the data reform legislation.

This month, MEP Albrecht published his draft response to the Commission’s proposal—and that’s certainly ruffled some feathers.

Here’s one of the most noteworthy additions that he put forth in his 215-page draft (PDF) expanding on what the Commission had initially proposed:

The right to the protection of personal data is based on the right of the data subject to exert the control over the personal data that are being processed. To this end the data subject should be granted clear and unambiguous rights to the provision of transparent, clear and easily understandable information regarding the processing of his or her personal data, the right of access, rectification and erasure of their personal data, the right to data portability and the right to object to profiling. Moreover the data subject should have also the right to lodge a complaint with regard to the processing of personal data by a controller or processor with the competent data protection authority and to bring legal proceedings in order to enforce his or her rights as well as the right to compensation and damages resulting of an unlawful processing operation or from an action incompatible with this Regulation. The provisions of this Regulation should strengthen, clarify, guarantee and where appropriate, codify those rights.

Beyond his formal response, the 30-year-old German legislator has endorsed a new petition (the “Brussels Declaration”) from civil liberties groups, digital rights associations, and many of Europe’s technorati.

“We are outraged, because we, the citizens, are now kept in hundreds of databases, mostly without our knowledge or consent,” the petition thunders. “Over 1,200 companies specialize in trading our personal data, mostly without our knowledge or consent, every time we browse the Internet over 50 companies now monitor every click, mostly without our knowledge or consent, we are constantly being categorized and judged by algorithms and then treated according to the ‘perceived value’ we may or may not bring to business without our knowledge and consent, and lobbying is currently replacing European citizens' voices and manifest concerns.”

Signatories to the petition include groups like Bits of Freedom (Netherlands), Electronic Privacy and Information Center (USA), European Digital Rights, Privacy International (UK), the Chaos Computer Club (Germany), La Quadrature du Net (France), and well-known European activists, including Smári McCarthy (Iceland), and Max Schrems (Austria), whom Ars profiled last year.

Pirate-by-proxy

While it may seem surprising that a Green Party MEP is spearheading the parliamentary response to the data protection reform, that doesn’t surprise the European Parliament’s eldest and one of its most-respected tech-savvy MEPs: Christian Engström, a Pirate Party member from Sweden who was elected to the body in 2009.

“I would consider [Albrecht] as a Pirate,” he told Ars from his Brussels office. “I recognize a Pirate when I see one.”

The Pirate Party, easily Europe’s smartest party on tech issues, has had some headway in Sweden, Germany, Switzerland and a handful of other European states (and a little bit in the United States). But it has struggled in recent months as its political novelty seems to have worn off a bit.

Enlarge/ Christian Engström, a 52-year-old MEP, was the first member of the Pirate Party elected to the European Parliament.

Cyrus Farivar

Engström made the case that the Pirate Party is in a similar position to where the Greens were 40 years ago—representing a fairly fringe area of policy but pressuring other, larger parties to carve out their own position. “If we want anything to happen, the Pirates are not going to get a majority in any parliament in the world,” he observed. “It's sad, but it's a fact of life. If we want positive legislations we want people to copy our ideas, but we're Pirates, so copying is good.”

For the moment, there are only two Pirates (Engström and his 25-year-old colleague, Amelia Andersdotter, who is also from Sweden) out of the entire 753-member body—less than one percent of the entire EU parliament.

But Engström says that being part of the liberal parliamentary group, The Greens-European Free Alliance, may help their views be heard by a wider audience. “Now we're in the Green group, to adopt the Pirate Party, [so we're] up to 7 percent,” he said with a grin.

Andersdotter is also causing quite a stir as the youngest member of the entire European Parliament. Plus, she has created her own reality Web series, dubbed “#exile6e,” named after the section of the parliamentary staff offices where she and her entourage are located, separated from Engström.

An episode published 11 days ago, entitled “Data Protection,” shows Andersdotter working the minutiae of legislative life—from hand-signing documents 224 times to speaking on data protection in the council chambers. Both Andersdotter and Engström sit on the secondary committees that are consulting on the data protection reform process, and they seem to have full confidence that their views will be represented as the process advances.

Enlarge/ Amelia Andersdotter stars as "The Boss" in her own Web series when she's not busy legislating.

Cyrus Farivar

Washington fires back

Established industry has been equally forceful in its opposition. Erika Mann, a former 15-year MEP also from Germany who is now the head of Facebook’s Brussels-based policy office, told the media earlier this month that her employer was "concerned that some aspects of the report do not support a flourishing European Digital Single Market and the reality of innovation on the Internet."

Eduardo Ustaran, a London-based attorney and head of the privacy and information law group at Field Fisher Waterhouse, warned recently that as-is, proposed legislation could mean the end of free online services like Facebook and Gmail.

"If they weren't able to use your data in the way that is profitable or useful for them for advertising purposes, then either the user has to pay for it or stop using the service," he told ZDNet this month.

But it’s more than just the industry that’s upset. American officials are making their voices heard in Brussels and other European capitals.

Just 10 days ago, Stockholm hosted a “data protection debate,” with many speakers from the American government, including the Chamber of Commerce and the American Chamber of Commerce in the EU, and industry officials, all of whom are expressing deep concern that Brussels may force substantial changes to tech companies’ business models. The Stockholm debate was one of “10 other data protection events” held across the EU.

This week, John Rodgers, an economic officer in the US Foreign Service, spoke in Berlin (Google Translate), noting that a vast right to delete such personal information was not technically feasible and would pose a huge problem for all globally minded companies. Most surprisingly, Rodgers warned that the data protection reform as currently conceived could “instigate a trade war.”

According to reporting by the German tech news site, Heise Online, Rodgers reminded the crowd that American and European laws have very different standards when it comes to data protection. "We have the right to privacy in our constitution, which, however, represents no fundamental right to privacy," he noted.

Even earlier, back in early December 2012, the American ambassador to the European Union, William Kennard, expressed concern at a Brussels conference that Americans and American companies would be adversely affected if proposed EU data protection reforms go through as-is.

“Both the proposed regulation and the proposed directive address the transfer of personal data to third countries and international organizations, providing that an ‘adequacy’ determination by the Commission would be the primary means of efficiently and effectively exchanging data and information,” he warned.

“As currently drafted, the criteria to be considered by the Commission in making such an ‘adequacy’ determination would include comparisons to a European-style system of data protection. The provisions do not recognize the existence of privacy protection systems that are structured differently but ensure an equally high level of protection and enforcement, like those in the United States.”

Outside observers say that they are shocked with the level of attention that Americans have paid to this legislative process.

“Nothing, not even ACTA, caused the US to lobby on this scale in Brussels,” said Joe McNamee, of European Digital Rights (EDRI), in an e-mail to Ars. “What is even more surprising is that demonstrably false arguments are sometimes being used, undermining the excellent reputation for professionalism that the US representatives have always had. This is damage that won't easily be undone.”

For the moment though, the European Parliament’s digital caucus—through its Pirate, Green, and other members—remain optimistic that their counterparts from other countries and other parties are becoming increasingly aware of their interests.

Hahahaha US is worried about spying on everyone and everything in EU. Just look at all the economy information and information on people that always flows from EU to US. Never other way around.

Not to mention that US has no privacy protection worth mentioning (not that EU has it now either but that could change with this legislation).

So all in all nice to see US going bonkers. Who gives a fuck.

I'm sure the fact that major tech companies all come from the US and none from Europe (that I can think of, at least) has nothing to do with this flow you speak of.

I was actually referring to government based flow. US gets more or less all the SWIFT data (so all money transfers in Europe, either private or commercial), when Europeans travel to US shit ton of data is sent to US while there is no such requirement for US citizens when travelling here. I'm fairly sure those are not the only things going on in just one direction (echelon comes to mind but that is not so much EU approved so doesn't really the same class).

Things you are referring to is also an issue as US has no protection for foreign data and quite a few examples of data somehow finding it's way to competitors of European companies. But this is mainly cloud usage issue and something that I think EU is actually working on (demanding that data stays in EU where US can't get hold of it by issuing secret orders to companies storing it).

I think companies should have to tell you what they are going to do with your data before you give it to them, and if they ever want to do more with your data, they have to ask your first and you can decline. You could also decline to use the service before giving them your data if you feel the terms are unnacceptable.

That seems like a reasonable approach, sadly that is currently not the case

Good Grief! There's a civilized set of nations on the planet! Google Run! Facebook Run!

sheez. stooges in the US have been treating American citizens like cattle for a decade, "give me your username and password for your email, so I can find your friends for you" - "use friend finder by Facebook" really, we only look for your friends, we don't read your email, or record your password, or download your contact list.

But of course, those are mostly lies. There is no oversight at Google or Facebook. Both must report to their customers - advertisers, governments, whomever creates the market for their data.

And what internal controls exist to protect users of Google Cloud (clown) apps? or Facebook online?

If Cloud Services have a prayer of succeeding, one-way encryption with the USER holding the key is crucial. And *sharing* can't include the *provider* as your God-Friend who sees all and knows all.

Bravo Europe! Here in the US we can only hope we someday achieve the level of civilization Europeans have. We get to eat GMOs without labels, so we don't know if our genes are being modified. We get super-sized, so we're the fattest nation on the planet. We invest less in our renewable future than any civilized nation and we pay 1000x for health care than any other nation.

Ain't we great. and some of our largest corporations pay little to no taxes, they are so proud of themselves.

At least a handful of civilized people are demonstrating they aren't falling for Facebook/Google as Big Brother is 'cool' - its not cool. We've moved from an open Internet with interoperable protocols and processes developed in the open, to backroom 'search algorithms that are now *openly biased* toward Google. To back room Facebook client tracking that they *dare* anyone to figure out. like being unethical is something to be proud of.

And its not that Americans are stupid. Americans have just learned that bigger is *not* better in 2007. And that opaque corporations are not better than American government - there we have the freedom of information act. At Google or Facebook there ain't no information you are going to get, because Americans aren't free to see inside *their* idea of the Internet. A privatized, monarchy.

But this is mainly cloud usage issue and something that I think EU is actually working on (demanding that data stays in EU where US can't get hold of it by issuing secret orders to companies storing it).

Actually that's already the case. European countries can't store sensitive data (there are different classifications of how private some data is and with that different levels of what you can do with it, etc.) on US servers, because US privacy laws aren't strict enough (that's a nice way to phrase it "nonexistent" would be more like it).

In the end EU privacy laws are already a step in the right direction, although the part with "hope that the US adapts more stringent laws because of this" is cute - as experience shows that's more than unlikely to happen anytime soon.

The idea of free software is very popular among techies. Google provides Android for free. How is the development of that OS paid for? Partly through targeted advertising. If Google's revenue stream was greatly decreased, would users be happy paying more for Android phones/tablets? I'm wondering.

But this is mainly cloud usage issue and something that I think EU is actually working on (demanding that data stays in EU where US can't get hold of it by issuing secret orders to companies storing it).

Actually that's already the case. European countries can't store sensitive data (there are different classifications of how private some data is and with that different levels of what you can do with it, etc.) on US servers, because US privacy laws aren't strict enough (that's a nice way to phrase it "nonexistent" would be more like it).

In the end EU privacy laws are already a step in the right direction, although the part with "hope that the US adapts more stringent laws because of this" is cute - as experience shows that's more than unlikely to happen anytime soon.

That is in theory. Not sure how it is elsewhere but a lot of state agencies in Sweden are moving to stuff like google apps and cloud storage despite the law stating that it's not allowed (actually both Swedish and European laws say that but are being ignored).When asked about it government representatives say it's the new cool thing and who gives a fuck about anything else.

The problem with the "right to be forgotten" is that there IS no such right and should BE no such right because it tramples on the rights of other people.

If you want to delete your Facebook profile, I'm okay with that. But its not your right to prevent yourself from being spoken about or marked on photos on Facebook by other people, period, and it isn't Facebook's job to delete all mentions of you from their databases, to delete everything you ever said anywhere else, ect. Indeed, doing so can make it difficult to follow conversations and the like.

Ah, but here's the thing: under the fundamental human rights defined by the European Convention on Human Rights, there is a right to respect for 'private and family life, his home and his correspondence' (that's Article 8, for those keeping score). This is the motivation for European data protection laws. That convention, however, says nothing about the right to 'follow conversations'. Why shouldn't I have the right to request a company delete comments I made?

No "irony" at all! Most Americans do not work for the government and make foreign policy decisions! Most Americans don't stick their noses into the domestic issues of other countries and they expect the same in return!

Yep compared to all those Europeans who sit in the EP! Oh wait, that doesn't make any sense.

Though I'm still not convinced if this is not sarcasm gone a bit too far, I mean really?

AxMi-24 wrote:

That is in theory. Not sure how it is elsewhere but a lot of state agencies in Sweden are moving to stuff like google apps and cloud storage despite the law stating that it's not allowed (actually both Swedish and European laws say that but are being ignored).When asked about it government representatives say it's the new cool thing and who gives a fuck about anything else.

Ouch that's bad, haven't heard anything from other govs in the EU in that regard, but I know of some companies who evaluated cloud services and had to drop the idea because of privacy laws.. I assume govs have it easier in that regard, they regulate themselves after all

Its also funny to me how this article uses a machine translation of an article citing an english-speaking diplomat.

er, can you help us non german speakers out? Is that right to privacy vs right to data privacy?

Privacy vs. data protection. He's saying that while there is a right to privacy, privacy in itself does not inherently include data protection. By all accounts, the proposal means to close that loophole.

There has to be some sort of irony there that the Google translation doesn't convey the meaning of this properly.

"“[Of course, reform isn’t affecting the US] directly, but we hope that there would be a debate in the US about if it could be a good example for the US to follow?” he added."

EU officials can do whatever they want with their wannabe country but they are crossing the line when they make comments like that. What Americans do in their own country is non of their business.

Oh the irony...

No "irony" at all! Most Americans do not work for the government and make foreign policy decisions! Most Americans don't stick their noses into the domestic issues of other countries and they expect the same in return!

Neither do "most Europeans", yet the US government remains one of the most... Interventionist governments out there...

No "irony" at all! Most Americans do not work for the government and make foreign policy decisions! Most Americans don't stick their noses into the domestic issues of other countries and they expect the same in return!

Yep compared to all those Europeans who sit in the EP! Oh wait, that doesn't make any sense.

Though I'm still not convinced if this is not sarcasm gone a bit too far, I mean really?

I would suggest you read more carefully so you can understand. I don't do "sarcasm."

So the US wants a say on EU Data Protection? That's OK as long as EU have a say in Patriot Act and Safe Harbor. Many US firms explicitly state they will not comply with EU Data laws, unknown to users here in Europe example: http://safeharbor.export.gov/companyinfo.aspx?id=15818

No "irony" at all! Most Americans do not work for the government and make foreign policy decisions! Most Americans don't stick their noses into the domestic issues of other countries and they expect the same in return!

Yep compared to all those Europeans who sit in the EP! Oh wait, that doesn't make any sense.

Though I'm still not convinced if this is not sarcasm gone a bit too far, I mean really?

I would suggest you read more carefully so you can understand. I don't do "sarcasm."

So you are *really* suggesting that a large part of Europeans actually make foreign policy decisions compared to the US where it's only down to a handful of politicians?

Sorry, it's still extremely hard to believe that you're serious there, but I'll do my best.. sorry to overestimate your experience with anything outside the US.

"“[Of course, reform isn’t affecting the US] directly, but we hope that there would be a debate in the US about if it could be a good example for the US to follow?” he added."

EU officials can do whatever they want with their wannabe country but they are crossing the line when they make comments like that. What Americans do in their own country is non of their business.

Oh the irony...

No "irony" at all! Most Americans do not work for the government and make foreign policy decisions! Most Americans don't stick their noses into the domestic issues of other countries and they expect the same in return!

Neither do "most Europeans", yet the US government remains one of the most... Interventionist governments out there...

As I already said, most Americans do not equal the "US government." But if you wish to make comparisons as to the level of interference of most so-called "Europeans" and Americans in each other's domestic issues then there simply is no comparison. Most Americans couldn't care less how European countries run their own domestic issues that have nothing to do with them, especially in countries that are free and democratic, and rightly so.

Unfortunately, such is not the case the other way around in my experience of many years as an American living and traveling throughout Europe. I have no problem saying most "Europeans" I have met in my lifetime will not hesitate to arrogantly stick their noses in American domestic issues that have nothing to do with them once the topics of politics, culture, etc, comes up. Some key issues being heath care and guns.

I would chalk it to two things, the inherent Anti-Americanism throughout most of Europe and the leftist mindset that affects most so-called Europeans that makes them think they can stick their noses where it doesn't belong.

No "irony" at all! Most Americans do not work for the government and make foreign policy decisions! Most Americans don't stick their noses into the domestic issues of other countries and they expect the same in return!

Yep compared to all those Europeans who sit in the EP! Oh wait, that doesn't make any sense.

Though I'm still not convinced if this is not sarcasm gone a bit too far, I mean really?

I would suggest you read more carefully so you can understand. I don't do "sarcasm."

So you are *really* suggesting that a large part of Europeans actually make foreign policy decisions compared to the US where it's only down to a handful of politicians?

Sorry, it's still extremely hard to believe that you're serious there, but I'll do my best.. sorry to overestimate your experience with anything outside the US.

No, you are obviously believing whatever you want to believe. I doubt advising you to read again what I wrote, and the line of discussion, would help in any way, especially after your "sorry to overestimate your experience with anything outside the US" comment.

It would be nice if Ars could do a article on what would be required to implement these proposed changes by the aforementioned tech firms. As I certainly agree with the principle behind these proposals, I don't have any idea as to how onerous they are from a technical standpoint, and that makes it hard for me to form an informed opinion.

Ultimately, the act of interfacing with the tech sites I frequent via the internets involves a non-zero risk of my personal information being intercepted and recorded by third parties. This, in my opinion sets a minimum threshold of risk. Thus, if the proposed regulations place an undo technological burden on the companies whose services I enjoy, and subsequently encourage them them to decline my business in an effort to avoid meeting regulatory standards that presume to mitigate the amount of risk beyond levels I have already assessed as acceptable, I will not consider the legislation to be a net benefit, despite my approval of its inherent principles.

Clearly the tech companies will grossly overestimate this burden in an attempt to draw the previous conclusion I suggested, which is why I ask a minimally-biased news organization to estimate such a burden... any takers ARS?

I am cognizant of this simply due to the fact that, in a similar and somewhat inverted (read: ironic) situation, US financial regulators imposed severe banking regulations on Swiss banks concerning US citizens. Considering I am but an extremely poor graduate student at CERN and a US citizen, no bank in Geneva was willing to accept the additional regulatory cost they would have incurred if I were to open an account there... which results in, what scientists are calling "pretty lame," an inability to find a place to live.

It's about sharing. It's okay when Google reads your e-mails to figure out what kind of things they can advertise to you as long as the data stays there. It's not okay when they sell that information to your bank, your government or your employer. Then you end up in troubles because, well, your private life should remain private for a multitude of reasons.

"“[Of course, reform isn’t affecting the US] directly, but we hope that there would be a debate in the US about if it could be a good example for the US to follow?” he added."

EU officials can do whatever they want with their wannabe country but they are crossing the line when they make comments like that. What Americans do in their own country is non of their business.

Oh the irony...

No "irony" at all! Most Americans do not work for the government and make foreign policy decisions! Most Americans don't stick their noses into the domestic issues of other countries and they expect the same in return!

Neither do "most Europeans", yet the US government remains one of the most... Interventionist governments out there...

As I already said, most Americans do not equal the "US government." But if you wish to make comparisons as to the level of interference of most so-called "Europeans" and Americans in each other's domestic issues then there simply is no comparison. Most Americans couldn't care less how European countries run their own domestic issues that have nothing to do with them, especially in countries that are free and democratic, and rightly so.

Unfortunately, such is not the case the other way around in my experience of many years as an American living and traveling throughout Europe. I have no problem saying most "Europeans" I have met in my lifetime will not hesitate to arrogantly stick their noses in American domestic issues that have nothing to do with them once the topics of politics, culture, etc, comes up. Some key issues being heath care and guns.

I would chalk it to two things, the inherent Anti-Americanism throughout most of Europe and the leftist mindset that affects most so-called Europeans that makes them think they can stick their noses where it doesn't belong.

Maybe that's because your government always tries to control/influence other countries? Just look at what's happening in Iraq and Afghanistan. And before it was Iran and we also have the interference into the internal affairs of Sweden (PirateBay, etc.) and many other countries.

If someone doesn't want your "democracy" maybe you shouldn't shove it down their throats? You know, because I'm quite fine living in a "socialistic" state with free medical care, no guns andfull social benefits.

This only applies to companies, and very, very particular to US companies.

Come up with another way to tax US tech companies.

Spot the shill?

There's no tax proposed.

Spot the peoplewho can't read and comprehend?

"1-4% of global revenues". You say fine, I say tax to continue operating in the EU since you've just taken the only revenue stream away otherwise except for starting a non-free internet fo EU denizens.

TANSTAAFL. The ability to use the data is the cost the user pays to use the service.

This week, John Rodgers, an economic officer in the US Foreign Service, spoke in Berlin in January 2013 (Google Translate), noting that a vast right to delete such personal information was not technically feasible and would pose a huge problem for all globally-minded companies.

I fail to see how deleting data would present such a technological problem. Presumably they are very very good at keeping track of, and updating, our data, how else would they stay in business. So it would stand to reason that keeping track of an deletion flag associated with our data would be simple enough. This is not something that threatens their business model, if anything it should serve to improve it as it would help to keep their data "fresh", and not encumbered with old data sources. (After all, when a user stops using an account somewhere, it's usualy because they have moved to a better service and made a new account there.)

I think the hardest part of it all is dealing with the fact that you will eventually more than likely have to exchange hard currency to get services from the internet rather than the soft currency of our data. And I don't mean to say that our data shouldn't be protected or that I don't mind mine being exploited.

But the price these services would likely charge would be far more than what you are probably considering your privacy to be worth, as well as the fast reach the services get now.

Free to air TV exists and figures out usage data via opt in methods, so it's not like all these data mining companies will die off or turn to pay to use automatically. Heck even the early web worked ok without data mining to do their targeted ads, the quality of service might drop sure but it's not like it'll be pay real $ or get nothing if this goes through.

But does free to air TV actually exist in the UK? I seem to recall a tax on TVs that had to be paid. You want to go that route, and blanket tax every citizen of the EU for every device capable of connecting to the net to pay these US companies?

If you agree to let a company use your data in a certain way, why should governments dictate otherwise?

Because idiots clicking "I accept" everywhere without even reading Privacy Statement should be protected from themselves for the sake of the rest of us who are minority and therefore forced to accept the same "standards" set by the ignorant masses.

DaveSimmons wrote:

Profiling often makes sense. Companies use it because it has predictive power, not because they are eeeevil discriminators.

Err... no.

Google profiles my searches even though I am not logged in and even though I disabled every sort of tracking I could disable. They think they know what I want.

If I search from home for "subject" and get the right result then when I search from work for "subject" 9 out of 10 times I can't find what I found at home -- I am getting totally different set of results because my search pattern at work is different than the one at home.

Someone will most likely suggest to search while logged in at both locations, but that creates even bigger privacy issue.

So no, profiling is wrong because it is trying to reduce an individual into a set of behavioral patterns and as a human being who doesn't like to think about himself as predictable, I would like to opt out of it. Even better, it should be opt-in by default.

But of course, those are mostly lies. There is no oversight at Google or Facebook. Both must report to their customers - advertisers, governments, whomever creates the market for their data.

You wouldn't even know about these practices if companies like Google didn't disclose them freely.

Quote:

If Cloud Services have a prayer of succeeding, one-way encryption with the USER holding the key is crucial. And *sharing* can't include the *provider* as your God-Friend who sees all and knows all.

On Google, you can choose who can see your documents - private, link only, or public. You can specify specific users.

Could Google look at my stuff? sure. But so could anyone. If you have anything you don't want public, don't put it on the internet. Anywhere. If you do, encrypt it. You can never trust anyone else with your data, and if you do, you're an insipid moron. I don't put anything on Google that I am terribly worried about people seeing - indeed, I only put things there for people to see.

Quote:

Bravo Europe! Here in the US we can only hope we someday achieve the level of civilization Europeans have. We get to eat GMOs without labels, so we don't know if our genes are being modified. We get super-sized, so we're the fattest nation on the planet. We invest less in our renewable future than any civilized nation and we pay 1000x for health care than any other nation.

Firstly, we're not the fattest country on the planet. Secondly, we pay about 1.5-2x for health care, but (fun fact!) we actually have very excellent health care - the main reason that Americans have lower life expectancy is diet and lack of availability. If you have health care coverage, you get better health care than you do in other countries, and people over the age of 65 actually have higher life expectancy than most because at that point we DO have universal health care.

We do pay too much, and health insurance is a scam, but the idea that our health care system sucks is really wrong. We actually have high standards of care. Its just that not everyone GETS it.

And regarding GMOs - its all pure nonsense. GMOs are safe. People who say otherwise are called "liars". Its pure scaremongering. There's no difference between GMOs and other domesticated plants and animals save that GMOs are even better.

And don't say organic foods taste better - blind taste testing, they taste worse. And they're more expensive. And they're no better for you. Organic foods are an enormous scam.

Quote:

At least a handful of civilized people are demonstrating they aren't falling for Facebook/Google as Big Brother is 'cool' - its not cool. We've moved from an open Internet with interoperable protocols and processes developed in the open, to backroom 'search algorithms that are now *openly biased* toward Google. To back room Facebook client tracking that they *dare* anyone to figure out. like being unethical is something to be proud of.

There is no evidence to suggest that search algorithms are biased towards Google. Google shopping on Google and on Bing - neither gives Google in the top 10. Maps? Google maps is the #1 result on Bing. Does bing advertise their own map service on the top of the page? Yes. So does Google. But they don't masquerade as search results, and google maps is #1 either way - because it IS #1.

Seriously. Get the tin foil out of your hat.

Quote:

And its not that Americans are stupid. Americans have just learned that bigger is *not* better in 2007. And that opaque corporations are not better than American government - there we have the freedom of information act. At Google or Facebook there ain't no information you are going to get, because Americans aren't free to see inside *their* idea of the Internet. A privatized, monarchy.

What that they hold do you have the right to see?

I can't think of anything.

Voo42 wrote:

Actually that's already the case. European countries can't store sensitive data (there are different classifications of how private some data is and with that different levels of what you can do with it, etc.) on US servers, because US privacy laws aren't strict enough (that's a nice way to phrase it "nonexistent" would be more like it).

Whine whine whine.

What are you worried about? Seriously.

alexr wrote:

Ah, but here's the thing: under the fundamental human rights defined by the European Convention on Human Rights, there is a right to respect for 'private and family life, his home and his correspondence' (that's Article 8, for those keeping score). This is the motivation for European data protection laws. That convention, however, says nothing about the right to 'follow conversations'. Why shouldn't I have the right to request a company delete comments I made?

Firstly, there is a right to privacy in the US. Idiots who know nothing about the US don't know that.

Secondly, the right to privacy is LIMITED. If you are having a PUBLIC conversation, then it is not PRIVATE. I know this concept is difficult for some people to understand, but if you comment on a forum, or on a news story, or on whatever, that is PUBLIC conversation. There is no expectation of PRIVACY when you speak in PUBLIC.

Why do you have the right to force them to delete your PUBLIC conversation? You shouldn't and don't.

You don't have the right to delete comments you made. Period. The very idea is inane. Anything that is public is public. If you say something in public, then there can be a record of it forever now - and probably will be.

If you don't want stupid things you said to become public knowledge, don't make them public knowledge.

But you have no right to erase history when you don't like it anymore. That's the sort of thing that the Soviet Union did to remove embarassment.

If you can't cope with that reality, then don't comment on the internet.

Quote:

As an European green I find it rather offensive to be labelled as a "liberal" !

Then you don't understand what the word liberal means. Unless you're saying you're against civil rights?

Then again, given that these guys' stance seems to be against them...

Quote:

So the US wants a say on EU Data Protection? That's OK as long as EU have a say in Patriot Act and Safe Harbor. Many US firms explicitly state they will not comply with EU Data laws, unknown to users here in Europe example: http://safeharbor.export.gov/companyinfo.aspx?id=15818

The PATRIOT act sucks, but I think you're a bit confused about copyright law. You know why copyright terms are so long? Here's a clue: It was the EU that extended them, then forced the US to extend them via treaty.

Yet people blame the US for sucky copyright law.

Maybe if you guys even bothered to educate yourselves about oh, say, anything...

Seriously, people talk about ignorant Americans, and laugh about them, but I see even worse ignorance in many people from Europe and Australia. You guys seem to know nothing even about your own countries' history half the time. :\

Quote:

Maybe that's because your government always tries to control/influence other countries? Just look at what's happening in Iraq and Afghanistan. And before it was Iran and we also have the interference into the internal affairs of Sweden (PirateBay, etc.) and many other countries.

Everyone is always trying to influence everyone else. Saying that the Pirate Bay is internal to Sweden is retarded though. The Pirate Bay is primarily about stealing stuff from the US, and guess what? Countries have treaties to make them respect each others' laws to some extent. Copyright is important in Sweden as it is in the US.

Quote:

If someone doesn't want your "democracy" maybe you shouldn't shove it down their throats? You know, because I'm quite fine living in a "socialistic" state with free medical care, no guns and full social benefits.

Yeah. On the back of American taxpayers, no less.

Maybe if we made you guys actually pay for your own defense, you would be less cocky.

Quote:

Google profiles my searches even though I am not logged in and even though I disabled every sort of tracking I could disable. They think they know what I want.

Fun fact: they probably do.

But here's the thing:

Quote:

So no, profiling is wrong because it is trying to reduce an individual into a set of behavioral patterns and as a human being who doesn't like to think about himself as predictable, I would like to opt out of it. Even better, it should be opt-in by default.

This isn't exactly hidden. The moment I heard about it I opted out. I don't mind if they use my search results to help them build a better engine. But I want to see neutral engine output, NOT my personal output.

Seriously, this is a non-complaint.

Also, you are predictable. Sorry to break it to you, but you're a machine made out of meat. You may be one of the most complicated machines on the planet, but you're still a machine. Humans are highly predictable - that is how charisma works. It is why people are so easy to manipulate. You can deprogram yourself to a degree, but in the end, you're still made out of meat - and being in control of yourself at all times is surprisingly difficult for most people. They don't even realize that they're not. YOU probably don't, but you mirror oh so many others.

If you practice at it, after a while you can make yourself significantly more unpredictable to others without significant effort. Even still though you are predictable to some extent if you behave rationally.

As they say, always remember that you are unique. Just like everyone else.

If you can't cope with reality, that isn't Google's problem. They're just trying to give you better search results.

I think companies should have to tell you what they are going to do with your data before you give it to them, and if they ever want to do more with your data, they have to ask your first and you can decline. You could also decline to use the service before giving them your data if you feel the terms are unnacceptable.

All this talk of "rights" - you have the right to withhold your custom, you have the right to enter into agreements or contracts, or not to. If you agree to let a company use your data in a certain way, why should governments dictate otherwise?

The government is not telling what data you're allowed to give away. Generally there is a very limited number of rights that you're not allowed to give away without the right to backtrack. This will not add anything new.

It's your right to give away your medical records for your whole life, if you wish. They are saying that without your consent your data should not be collected and processed. That the processing and collection should be clear and up-front. That cancelling such a contract should give you the right to demand removal of all such data(no "you gave me your data now it's mine forevar sucker!!!" attitude).

As a user I don't realy see a problem with the proposed reform.I am well aware that as a user the tradeoff for using free services is letting them use my data.The problem starts when a service sells my private data without informing me, or a service collects data without informing me.

As I see it there are 2 ways to deal with this. 1 - Make the data less personal. Do they realy have to know that I love fast cars AND that my brother is into midgetporn? No, they don't need to know anything about my brother. (who is made up btw.) or my name.2 - Inform me when they collect personal data. (This one should be obvious.)3 - ... (ok, ok, they have 3 different ways to deal with this.) Stop collecting data. and charge me for using the service.4 - (Four!,,,Four different ways...) Don't sell my data.

While I can see how a service like facebook uses my personal data for profit, I don't see why an add banner service should be able to associate that I am friends with someone who likes Hello Kitty. No reason at all.They can change the data they are selling so that it isn't personal, doesn't keep track of people I'm related to, or friends with. or just present it as statistics. Or atleast inform me what they will do with the data.

Services that uses my personal data should at the very least inform me that they are. That is not too much to ask for.

Profiling often makes sense. Companies use it because it has predictive power, not because they are eeeevil discriminators.

An an algorithm that links reading David Drake to being a prime customer for John Scalzi's books is not an invasion or infringement or imposition, its "Science!"

An insurance company bit of AI that correlates not paying your bills with being a bad driver isn't racism or classism, it's "Science!"

Either that, or reality has a class bias along with its liberal one.

> "If they weren't able to use your data in the way that is profitable or useful for them for advertising purposes, then either the user has to pay for it or stop using the service,"

Exactly. Ars is free for me to use, both the articles and forums. In return, I give up some privacy. As long as that is disclosed I'm happy to have my clicks tracked instead of paying Ars $5 a month.

You're missing the point. The right not to be profiled is just that - a right that you are allowed not to use. If you do not consent not to be profiled by Google, then Google may ask you for the consent and not allow you to use their services(and/or services that are subsidized by Google's advertising). Now, however, you don't consent and you're being profiled. You did not explicitly agree to certain ToS, even on Ars you weren't asked if you agree to ToS before you registered.

I think companies should have to tell you what they are going to do with your data before you give it to them, and if they ever want to do more with your data, they have to ask your first and you can decline. You could also decline to use the service before giving them your data if you feel the terms are unnacceptable.

All this talk of "rights" - you have the right to withhold your custom, you have the right to enter into agreements or contracts, or not to. If you agree to let a company use your data in a certain way, why should governments dictate otherwise?

The government is not telling what data you're allowed to give away. Generally there is a very limited number of rights that you're not allowed to give away without the right to backtrack. This will not add anything new.

It's your right to give away your medical records for your whole life, if you wish. They are saying that without your consent your data should not be collected and processed. That the processing and collection should be clear and up-front. That cancelling such a contract should give you the right to demand removal of all such data(no "you gave me your data now it's mine forevar sucker!!!" attitude).

Why not? If you pay someone, you can't take back your money because you cancelled the contract. If you pay someone with information, why should you be able to take it back?

That's just stupid.

I am all for being upfront, but most people don't even understand what data collection means, much less what it is for. Its scare tactics like the whole anti-vaccination and anti-GMO thing, and often perpetuated by the same sort of people.

Quote:

You're missing the point. The right not to be profiled is just that - a right that you are allowed not to use. If you do not consent not to be profiled by Google, then Google may ask you for the consent and not allow you to use their services(and/or services that are subsidized by Google's advertising). Now, however, you don't consent and you're being profiled. You did not explicitly agree to certain ToS, even on Ars you weren't asked if you agree to ToS before you registered.

They don't get any information from you that you aren't handing out to anyone who asks on the internet, though. If you search via them, then they're getting the information you're searching with - otherwise they couldn't do the search in the first place.

If you're using their service, you're giving them the data they're using to track you. Period. Why do they need a TOS for that? Its inherent in the action you're taking.

Its far more convenient to just be able to go to Google on any computer and not need to waste an extra click on a TOS people won't read anyway. If you're too autistic to deal with that don't get on the internet. I would rather you not waste my time for the rest of eternity because you're crazy.

If you're going to say something you might want to learn what you're saying first.

There's a reason the word liberal and the word liberty look similar.

"Liberalism (from the Latin liberalis) is a political philosophy or worldview founded on ideas of liberty and equality. Liberals espouse a wide array of views depending on their understanding of these principles, but generally they support ideas such as free and fair elections, civil rights, freedom of the press, freedom of religion, free trade, and private property."

Its not very difficult to understand. A liberal is someone who is for more rights. That is what a liberal IS. That is what the word means.

And even more irony from the EU regarding the "right to be forgotten": it seems that they have themselves forgotten about their own EU Data Retention Directive (see http://en.wikipedia.org/wiki/Data_Retention_Directive) which came into action a few years ago and mandates that all telecommunication data must be kept for 6 to 24 months. So what is the point of asking Google to delete my account and data if they have to keep identifiable logs anyway?

Google isn't a telecommunications company.Let alone, you are forgetting that the Data Retention Directive and the new Data Protection rules come from diametrically opposite sides of the isle. (Your complaint is like complaining that US politics is full of irony because Republicans want spending cuts and Democrats want increased revenues)

If you're going to say something you might want to learn what you're saying first.

There's a reason the word liberal and the word liberty look similar.

"Liberalism (from the Latin liberalis) is a political philosophy or worldview founded on ideas of liberty and equality. Liberals espouse a wide array of views depending on their understanding of these principles, but generally they support ideas such as free and fair elections, civil rights, freedom of the press, freedom of religion, free trade, and private property."

Its not very difficult to understand. A liberal is someone who is for more rights. That is what a liberal IS. That is what the word means.

Yes the problem is actually that the term "liberal" has been subverted in the US/(media), but since the term is used here by a US media in what looks distinctively like the usual simplistic dichotomy to label liberal vs. conservative (a ridiculous comparison by any real understanding of the words), his outrage seems justified.